Hey hackers! These are our favorite resources related to pentesting and bug hunting that we came across the last few days.

This issue covers the week from 24 to 31 of August.

Our favorite 5 hacking items #

1. Guide of the week #

The Complete Guide to CORS (In)Security by Bedefended

This is a comprehensive guide to CORS for security professionals. It’s the best document that I’ve seen on this subject, covering everything from an introduction to the basics of SOP (Same-Origin Policy) and CORS, to attacks and mitigations, with references to the existing research on this topic.

2. Video of the week #

Christina Camilleri: Security Solutions Specialist for Riot Games | Play Makers Episode 6 by Travis Gafford

Wow, I could not get my eyes of Christina during this interview. I’m usually not into “My path to infosec”-type interviews but this one is fascinating: She shares stories of physical pentests, insights into social engineering, why security is so important for a video game company… all with glimmering eyes that are a testament to her passion!

3. Writeup of the week #

Remote code execution by hijacking an unclaimed S3 bucket in Rocket.Chat’s installation script. by @EdOverflow

This is a simple bug but very creative!

My main takeway is to always carefully read the source code if you have access to it.
In the latest release of Rocket.Chat, an install.sh script contained a curl request to retrieve a file from an unclaimed S3 bucket. So by creating a bucket with the same name, Ed could make users download any files from his bucket.

4. Tool of the week #

getsploit by @VulnersCom

This is a simple but useful command-line tool to search for vulnerabilities listed in vulners.com, the same way searchsploit searches for vulnerabilities in exploit-db.com.

5. Non technical item of the week #

AWS Slurp Github Takeover by @SweetRollBandit

This is a good reminder to always read the source code of github repositories before executing any script file in them.
That said, if anyone has a copy of the real Slurp repo, would you please send it to me? I couldn’t find it anywhere!

Other amazing things we stumbled upon this week #

Podcasts #

• Ep. 23, Some fantastic hackers are about

Tutorials #

Medium to advanced #

• Subdomain Takeover: Going beyond CNAME
• OpenSSH User Enumeration Vulnerability: a Close Look
• The Secrets in URL Shortening Services
• Out of Band Exploitation (OOB) CheatSheet
• Detailed Explanation of PHP Type Juggling Vulnerabilities
• DNS Rebinding Headless Browsers

Beginners corner #

• Data retrieval via blind command injection
• Finding and exploiting Blind XSS
• 5 Things You Didn’t Know You Could do with Nmap

Writeups #

• Another OpenSSH “user enumeration”

Tools #

• cangibrina
• burpcommander: Ruby command-line interface to Burp Suite’s REST API & tutorial

Misc. pentest & bug bounty resources #

• So You Want To Be a Pentester?
• Pen tester’s Diary : Episode 1
• bounty-targets-data
• Week in OSINT #2018–34
• How Cloudflare protects customers from cache poisoning
• RedTeaming from Zero to One – Part 1 & Part 2
• A Chromium-based Command-line Alternative to Curl

Non technical #

• Hacker Q&A with Matthew Bryant: Good Artists Copy, Great Artists Steal
• 118 Fascinating Facts from HackerOne’s Hacker-Powered Security Report 2018

Tweeted this week #

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 08/17/2018 to 08/24/2018

Have a nice week folks!

If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…